[gnutls-help] RFC4514 compliance in gnutls_x509_crt_get_dn()?

Pierre Ossman ossman at cendio.se
Tue Jul 19 13:31:10 CEST 2016


On 17/07/16 09:47, Nikos Mavrogiannopoulos wrote:
> On Fri, 2016-07-15 at 14:32 +0200, Pierre Ossman wrote:
>
>> As far as RFC4514 vs other human-readable, you could mark the OIDs
>> in
>> the list as being RFC4514 compliant or not. Separate functions could
>> then be provided depending on if you want something with strict
>> adherence to the RFC, or just something nice to present to the user.
>
> That could be an option, but we have to see who would be the consumer
> of such API. Why would this be used today? DNs are being deprecated
> over PKIX and the subjectAlternativeName is the only way to specify
> names (for end-certificates) today. Are there use cases of certificate
> DNs today that I am missing?
>

Except for ours, none that I know of. And you're right, the proper way 
to handle this is using more structured data. So any use case would most 
likely be similar to ours, where you're trying to make things work over 
an existing string based system.

>> (Btw. if I'm reading the code correctly then GnuTLS currently cannot
>> fully parse its own output. Handling of the #<hex> fallback for
>> values currently just returns a parse error.)
>
> Could be. Which functions do you refer to?
>

https://gitlab.com/gnutls/gnutls/blob/master/lib/x509/x509_dn.c#L76

Regards
-- 
Pierre Ossman           Software Development
Cendio AB		https://cendio.com
Teknikringen 8		https://twitter.com/ThinLinc
583 30 Linköping	https://facebook.com/ThinLinc
Phone: +46-13-214600	https://plus.google.com/+CendioThinLinc

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
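Added illustration for the two RFC 4514 value forms under discussion (the escaped string form and the "#<hex>" BER fallback that the thread says returns a parse error); this is example code, not GnuTLS's x509_dn.c, and the function names and the constructed sample values are my own.

```python
import re

SPECIAL = set('"+,;<>\\')  # RFC 4514 2.4: must be escaped anywhere in a value

def escape_value(value: str) -> str:
    """Escape a UTF-8 string value per RFC 4514 section 2.4 (example helper)."""
    out = []
    for i, ch in enumerate(value):
        if ch == '\x00':
            out.append('\\00')          # NUL is only representable as a hex pair
        elif ch in SPECIAL:
            out.append('\\' + ch)
        elif ch == ' ' and i in (0, len(value) - 1):
            out.append('\\ ')           # leading/trailing space must be escaped
        elif ch == '#' and i == 0:
            out.append('\\#')           # a leading '#' would read as the hex form
        else:
            out.append(ch)
    return ''.join(out)

def hex_value(tag: int, data: bytes) -> str:
    """Fallback form: '#' + hex of the BER TLV (e.g. tag 0x0c = UTF8String)."""
    n = len(data)
    if n < 128:
        return '#' + (bytes([tag, n]) + data).hex()
    lb = n.to_bytes((n.bit_length() + 7) // 8, 'big')   # long-form length
    return '#' + (bytes([tag, 0x80 | len(lb)]) + lb + data).hex()

def parse_value(text: str) -> bytes:
    """Decode one attribute value in either form to its raw content bytes."""
    if text.startswith('#'):
        ber = bytes.fromhex(text[1:])
        if len(ber) < 2:
            raise ValueError('truncated BER value')
        ln, pos = ber[1], 2
        if ln & 0x80:                   # long-form length: next nb bytes hold it
            nb = ln & 0x7f
            if nb == 0 or nb > 4 or len(ber) < 2 + nb:
                raise ValueError('bad BER length')
            ln, pos = int.from_bytes(ber[2:2 + nb], 'big'), 2 + nb
        if len(ber) != pos + ln:
            raise ValueError('BER length does not match data')
        return ber[pos:pos + ln]
    out, last = bytearray(), 0
    for m in re.finditer(r'\\([0-9A-Fa-f]{2}|.)', text):  # \XX hex pair or \c
        esc = m.group(1)
        out += text[last:m.start()].encode()
        out += bytes.fromhex(esc) if len(esc) == 2 else esc.encode()
        last = m.end()
    return bytes(out + text[last:].encode())
```

The parser returns the BER content bytes for the hex form; a caller that wants to present them still has to check the tag and decode (or refuse) the string type, which is exactly the step a strict RFC 4514 consumer must not skip.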
